WebSign

WebSign is a major competitive advantage of Cyph, which can be summarized as “secure web application” technology.

In other words, Cyph is the only service that runs right in your browser as a typical web app without compromising the privacy of your data.

The web is generally unsuitable for applications that require an assurance of application integrity — most notably, cryptography — because the web is built around a Trust On Every Use security model. That is to say, it provides no protection whatsoever from tampering by malicious third parties. This limitation is the reason that no trustworthy alternative to Cyph is available as a web app.

WebSign overcomes this limitation by establishing a Trust On First Use security model within the browser sandbox. From there, it bootstraps our code signing logic (an industry-standard practice that already secures anything you install from an app store). This makes Cyph easier to use than alternatives that confine you to a mobile app.

WebSign was originally presented during our talks at Black Hat 2016 and DEF CON 24 (deck, video), and is now protected by US Patent 9,906,369.